Practical secrecy-preserving, verifiably correct and trustworthy auctions

We present a practical system for conducting sealed-bid auctions that preserves the secrecy of the bids while providing for verifiable correctness and trustworthiness of the auction. The auctioneer must accept all bids submitted and follow the published rules of the auction. No party receives any useful information about bids before the auction closes and no bidder is able to change or repudiate her bid. Our solution uses Paillier's homomorphic encryption scheme [25] for zero knowledge proofs of correctness. Only minimal cryptographic technology is required of bidders; instead of employing complex interactive protocols or multi-party computation, the single auctioneer computes optimal auction results and publishes proofs of the results' correctness. Any party can check these proofs of correctness via publicly verifiable computations on encrypted bids. The system is illustrated through application to first-price, uniform-price and second-price auctions, including multi-item auctions. Our empirical results demonstrate the practicality of our method: auctions with hundreds of bidders are within reach of a single PC, while a modest distributed computing network can accommodate auctions with thousands of bids.

[1]  Valtteri Niemi,et al.  Secure Vickrey Auctions without Threshold Trust , 2002, Financial Cryptography.

[2]  Daisuke Yamamoto,et al.  Sealed-Bid Auctions with Efficient Bids , 2003, ICISC.

[3]  Roberto Burguet,et al.  Bribery and Favoritism by Auctioneers in Sealed-Bid Auctions , 2007 .

[4]  Ho-fung Leung,et al.  Secure Double Auction Protocols with Full Privacy Protection , 2003, ICISC.

[5]  K. Hagerty,et al.  The Mandatory Disclosure of Trades and Market Liquidity , 1995 .

[6]  Masayuki Abe,et al.  M+1-st Price Auction Using Homomorphic Encryption , 2002, Public Key Cryptography.

[7]  Mihir Bellare,et al.  Verifiable partial key escrow , 1997, CCS '97.

[8]  Matthew K. Franklin,et al.  Efficient generation of shared RSA keys , 2001, JACM.

[9]  R. McAfee,et al.  Auctions and Bidding , 1986 .

[10]  M. Rothkopf,et al.  Why Are Vickrey Auctions Rare? , 1990, Journal of Political Economy.

[11]  Elmar Wolfstetter,et al.  Bid Rigging - an Analysis of Corruption in Auctions , 2005, SSRN Electronic Journal.

[12]  Ian F. Blake,et al.  Scalable, Server-Passive, User-Anonymous Timed Release Public Key Encryption from Bilinear Pairing , 2004, IACR Cryptol. ePrint Arch..

[13]  Moti Yung,et al.  Robust efficient distributed RSA-key generation , 1998, STOC '98.

[14]  G. Gemmill Transparency and Liquidity: A Study of Block Trades on the London Stock Exchange under Different Publication Rules , 1996 .

[15]  Markus Jakobsson,et al.  Proactive public key and signature systems , 1997, CCS '97.

[16]  Christian Cachin,et al.  Efficient private bidding and auctions with an oblivious third party , 1999, CCS '99.

[17]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[18]  Hikaru Morita,et al.  Secure Protocol to Construct Electronic Trading , 2001 .

[19]  Yiannis Tsiounis,et al.  Easy Come - Easy Go Divisible Cash , 1998, EUROCRYPT.

[20]  John McMillan,et al.  Auctions of Rights to Public Property , 1996 .

[21]  Makoto Yokoo,et al.  Secure multi-agent dynamic programming based on homomorphic encryption and its application to combinatorial auctions , 2002, AAMAS '02.

[22]  Yeon-Koo Che,et al.  Competitive Procurement with Corruption , 2004 .

[23]  E. Maasland,et al.  Auction Theory , 2021, Springer Texts in Business and Economics.

[24]  David Levine,et al.  Changing the Game in Strategic Sourcing at Procter & Gamble: Expressive Competition Enabled by Optimization , 2006, Interfaces.

[25]  Benny Moldovanu,et al.  Goethe's Second‐Price Auction , 1998, Journal of Political Economy.

[26]  Sébastien Lahaie,et al.  An analysis of alternative slot auction designs for sponsored search , 2006, EC '06.

[27]  Jean Tirole,et al.  Auction design and favoritism , 1991 .

[28]  William Vickrey,et al.  Counterspeculation, Auctions, And Competitive Sealed Tenders , 1961 .

[29]  Tilman Börgers,et al.  Auction theory for auction design , 2003 .

[30]  Hugo Krawczyk,et al.  Secure Distributed Key Generation for Discrete-Log Based Cryptosystems , 1999, EUROCRYPT.

[31]  Marco Celentani,et al.  Corruption and Competition in Procurement , 2001 .

[32]  Mads J. Jurik,et al.  Extensions to the Paillier Cryptosystem with Applications to Cryptological Protocols , 2003 .

[33]  J. Doug Tygar,et al.  Electronic Auctions with Private Bids , 1998, USENIX Workshop on Electronic Commerce.

[34]  Michael Szydlo,et al.  Risk Assurance for Hedge Funds Using Zero Knowledge Proofs , 2005, Financial Cryptography.

[35]  Jean-Francois Richard,et al.  Bidder Collusion at Forest Service Timber Sales , 1997, Journal of Political Economy.

[36]  S. Rose-Ackerman The economics of corruption , 1975 .

[37]  Rocco A. Servedio,et al.  Highly Efficient Secrecy-Preserving Proofs of Correctness of Computations and Applications , 2007, 22nd Annual IEEE Symposium on Logic in Computer Science (LICS 2007).

[38]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[39]  Jung Hee Cheon,et al.  Timed-Release and Key-Insulated Public Key Encryption , 2006, Financial Cryptography.

[40]  Paul F. Syverson,et al.  Fair On-Line Auctions without Special Trusted Parties , 1999, Financial Cryptography.

[41]  Byoungcheon Lee,et al.  Receipt-Free Electronic Auction Schemes Using Homomorphic Encryption , 2003, ICISC.

[42]  Noam Nisan,et al.  Bidding Languages for Combinatorial Auctions , 2005 .

[43]  Jacques Stern,et al.  Non-interactive Private Auctions , 2002, Financial Cryptography.

[44]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[45]  Rafail Ostrovsky,et al.  Conditional Oblivious Transfer and Timed-Release Encryption , 1999, EUROCRYPT.

[46]  Abhi Shelat,et al.  Fair-Zero Knowledge , 2005, TCC.

[47]  Ananth N. Madhavan Market Microstructure: A Survey , 2000 .

[48]  Joonsang Baek,et al.  Token-Controlled Public Key Encryption , 2005, ISPEC.

[49]  Jens Christopher Andvig Corruption in the North Sea oil industry: Issues and assessments , 1995 .

[50]  Martin Pesendorfer A Study of Collusion in First-Price Auctions , 2000 .

[51]  Giovanni Di Crescenzo,et al.  Privacy for the Stock Market , 2002, Financial Cryptography.

[52]  Leandro Arozamena,et al.  The Effect of Corruption on Bidding Behavior in First-Price Auctions , 2005 .

[53]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[54]  Emmanouil Magkos,et al.  Uncoercible e-Bidding Games , 2004, Electron. Commer. Res..

[55]  T. Schelling The Strategy of Conflict , 1963 .

[56]  Elmar G. Wolfstetter,et al.  Corruption in Procurement Auctions , 2006 .

[57]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[58]  John Asker,et al.  Properties of Scoring Auctions , 2004 .

[59]  Yevgeniy Dodis,et al.  Time Capsule Signature , 2005, Financial Cryptography.

[60]  Ralph C. Merkle,et al.  Secure communications over insecure channels , 1978, CACM.

[61]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[62]  D. Graham,et al.  Collusive Bidder Behavior at Single-Object Second-Price and English Auctions , 1987, Journal of Political Economy.

[63]  David Lucking-Reiley Vickrey Auctions in Practice: From Nineteenth-Century Philately to Twenty-First-Century E-Commerce , 2000 .

[64]  M. Rabin DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION , 1979 .

[65]  Ivan Damgård,et al.  Statistical Secrecy and Multibit Commitments , 1998, IEEE Trans. Inf. Theory.

[66]  Fabrice Boudot,et al.  Efficient Proofs that a Committed Number Lies in an Interval , 2000, EUROCRYPT.

[67]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[68]  Manoj Kumar,et al.  Internet Auctions , 1998, USENIX Workshop on Electronic Commerce.

[69]  David Levine,et al.  Winner determination in combinatorial auction generalizations , 2002, AAMAS '02.

[70]  Ernest F. Brickell,et al.  Gradual and Verifiable Release of a Secret , 1987, CRYPTO.

[71]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[72]  Makoto Yokoo,et al.  Secure Generalized Vickrey Auction Using Homomorphic Encryption , 2003, Financial Cryptography.

[73]  Matthew K. Franklin,et al.  The Design and Implementation of a Secure Auction Service , 1996, IEEE Trans. Software Eng..

[74]  Ivan Damgård,et al.  A Practical Implementation of Secure Auctions Based on Multiparty Integer Computation , 2006, Financial Cryptography.

[75]  Christopher Thorpe,et al.  Time-Lapse Cryptography , 2006 .

[76]  Anshul Kothar,et al.  Approximately-strategyproof and tractable multi-unit auctions , 2003 .

[77]  O. Ashenfelter How Auctions Work for Wine and Art , 1989 .

[78]  Moni Naor,et al.  Privacy preserving auctions and mechanism design , 1999, EC '99.

[79]  Paul Milgrom,et al.  Putting Auction Theory to Work , 2004 .

[80]  David Porter,et al.  Combinatorial auction design , 2003, Proceedings of the National Academy of Sciences of the United States of America.

[81]  Susanne Wetzel,et al.  LiDIA—a library for computational number theory , 1997, SIGS.

[82]  M. Rabin,et al.  Randomized algorithms in number theory , 1985 .

[83]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[84]  Allan T. Ingraham A Test for Collusion between a Bidder and an Auctioneer in Sealed-Bid Auctions , 2005 .

[85]  Felix Brandt,et al.  How to obtain full privacy in auctions , 2006, International Journal of Information Security.

[86]  R. Porter,et al.  Detection of Bid Rigging in Procurement Auctions , 1992, Journal of Political Economy.

[87]  Donald B. Keim,et al.  The Upstairs Market for Large-Block Transactions: Analysis and Measurement of Price Effects , 1996 .

[88]  Yiannis Tsiounis,et al.  "Indirect Discourse Proof": Achieving Efficient Fair Off-Line E-cash , 1996, ASIACRYPT.

[89]  Hiroaki Kikuchi,et al.  (M+1)st-Price Auction Protocol , 2002, Financial Cryptography.

[90]  Joe Kilian,et al.  A note on efficient zero-knowledge proofs and arguments (extended abstract) , 1992, STOC '92.

[91]  Johannes Buchmann,et al.  LiDIA : a library for computational number theory , 1995 .

[92]  Sean W. Smith Trusted Computing Platforms - Design and Applications , 2005 .

[93]  Thierry Verdier,et al.  Corruption and Competition in Procurement Auctions , 2005 .

[94]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[95]  Roger B. Myerson,et al.  Optimal Auction Design , 1981, Math. Oper. Res..

[96]  Flavio M. Menezes,et al.  Corruption And Auctions , 2001 .

[97]  B. Rindi,et al.  Transparency, Liquidity and Price Formation , 2002 .

[98]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[99]  Felix Brandt,et al.  (Im)possibility of unconditionally privacy-preserving auctions , 2004, Proceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems, 2004. AAMAS 2004..

[100]  Sunju Park,et al.  Protocol completion incentive problems in cryptographic Vickrey auctions , 2008, Electron. Commer. Res..

[101]  Marc S. Robinson,et al.  Collusion and the Choice of Auction , 1985 .

[102]  David C. Parkes,et al.  Cryptographic Securities Exchanges , 2007, Financial Cryptography.

[103]  Maarten C. W. Janssen Auctioning Public Assets: Analysis and Alternatives , 2004 .

[104]  L. Glosten,et al.  Market Microstructure: A Survey of Microfoundations, Empirical Results, and Policy Implications , 2005 .